<html>
<head>
<title>NetBSD & Google's Summer of Code: Martin Schuette - Improve syslogd (syslogd)</title>
</head>
<body>

<center>
<table>
<tr>
 <td><a href="http://www.NetBSD.org/"><img border=0 valign="top" src="../../NetBSD.png" alt="[NetBSD logo]" /></a></td>
 <td><font size="+5"> & </font></td>
 <td><a href="http://www.google.com/"><img border=0 valign="bottom" src="http://www.google.com/intl/en/images/logo.gif" alt="[Google logo]" /></a></td>
</tr>
</table>
</center>

<h1>NetBSD-SoC: Improve syslogd</h1>

<h2>What is it?</h2>

<p>The syslog daemon handles most log messages of a Unix-like system.
It receives messages from shell scripts, applications, daemons, the kernel, or over the network, and then writes them to log files or to users' consoles, or forwards them to another log server, all depending on its configuration and the message properties.</p>

<p>I implemented the upcoming <a class="ext-link" href="http://tools.ietf.org/wg/syslog/">IETF
standards</a> for <a class="ext-link" href="http://www.netbsd.org/">NetBSD</a>'s syslog(3)
and syslogd(8):
</p>
<ul>
 <li><a class="ext-link" href="http://tools.ietf.org/html/draft-ietf-syslog-transport-tls"><span class="icon">transport-tls</span></a>
 defines the network protocol to send syslog data over TLS (instead of UDP), thus providing a reliable and
 authenticated transport.</li>
 <li><a class="ext-link" href="http://tools.ietf.org/html/draft-ietf-syslog-protocol"><span class="icon">syslog-protocol</span></a>
 defines a new layout for syslog lines; the most important additions are full timestamps (with year and timezone)
 and structured data with name=value pairs. This enables all programs to declare semantic content (uid, client IP,
 return codes, etc.), making automatic log monitoring (or at least parsing) much easier.</li>
 <li><a class="ext-link" href="http://tools.ietf.org/html/draft-ietf-syslog-sign"><span class="icon">syslog-sign</span></a>
 defines signature messages to assert authentication, integrity and correct sequencing of syslog messages.</li>
</ul>
<p>
 To my knowledge this is one of the first implementations of these
 protocols. It will provide NetBSD (and hopefully the other BSDs as well) with
 an advanced, reliable, and secure syslogd, thus saving admins the time and
 effort of installing custom logging solutions just to get secure transport to
 their central log server.
</p>

<h2>Current Status</h2>
<h3>Functions</h3>
<h4>TLS</h4>
<p>The TLS support is now working (tested with RSA and DSA keys).
It reads its configuration from syslog.conf, accepts incoming TLS connections
to receive messages, and establishes connections to other TLS servers.</p>
<p>If a TLS server is temporarily unavailable, its messages are buffered
and sent after reconnection.</p>

<h4>syslog-protocol</h4>
<p>A command line option determines whether syslogd output is in BSD Syslog or in syslog-protocol format.
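As an added illustration (my own Python, not code from this project), here is a formatter and parser for the syslog-protocol line layout described above, assuming the header order and structured-data escaping rules of the draft (later standardised as RFC 5424). The point for a writer such as syslogp(3) is that a quote, backslash or closing bracket inside a value must be escaped, otherwise untrusted input could forge extra name=value pairs.

```python
import re

# Added example, not code from the project. The layout follows the syslog-protocol
# draft (later RFC 5424):  <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
# SD is "-" or one or more [SD-ID name="value" ...] elements; inside a value the
# characters '"', '\' and ']' are backslash-escaped so that untrusted data cannot
# close the element early and forge extra name=value pairs.

_PARAM = re.compile(r' ([^ =\]"]+)="((?:[^"\\\]]|\\.)*)"')  # one SP name="value" pair


def escape_param(value: str) -> str:
    """Escape a PARAM-VALUE before placing it between the quotes."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def format_message(pri, ts, host, app, procid, msgid, sd, msg=""):
    """Build one syslog-protocol line; sd maps SD-ID -> {name: value}."""
    sd_text = "".join(
        "[" + sd_id + "".join(f' {k}="{escape_param(v)}"' for k, v in p.items()) + "]"
        for sd_id, p in sd.items()) or "-"
    return f"<{pri}>1 {ts} {host} {app} {procid} {msgid} {sd_text}" + (" " + msg if msg else "")


def parse_message(line: str) -> dict:
    """Split header, structured data and MSG; raise ValueError on malformed input."""
    m = re.match(r"<(\d{1,3})>(\d{1,2}) ", line)
    if not m:
        raise ValueError("bad PRI/VERSION")
    fields = line[m.end():].split(" ", 5)  # five header fields, then SD [+ MSG]
    if len(fields) < 6:
        raise ValueError("truncated header")
    ts, host, app, procid, msgid, tail = fields
    sd, pos = {}, 1 if tail.startswith("-") else 0
    while pos < len(tail) and tail[pos] == "[":
        sd_id = re.match(r'[^ =\]"]+', tail[pos + 1:])
        if not sd_id:
            raise ValueError("bad SD-ID")
        end, params = pos + 1 + len(sd_id.group()), {}
        while (pm := _PARAM.match(tail, end)):
            params[pm.group(1)] = re.sub(r'\\([\\"\]])', r"\1", pm.group(2))  # unescape
            end = pm.end()
        if end >= len(tail) or tail[end] != "]":
            raise ValueError("malformed SD-ELEMENT (unescaped quote or ']'?)")
        sd[sd_id.group()] = params
        pos = end + 1
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7, "version": int(m.group(2)),
            "timestamp": ts, "hostname": host, "appname": app, "procid": procid,
            "msgid": msgid, "sd": sd, "msg": tail[pos + 1:] if tail[pos:pos + 1] == " " else ""}
```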
All received messages are converted accordingly.</p>
<p>I also modified syslog(3) in libc to send syslog-protocol messages.</p>
<p>While syslog(3) can only fill in the message field, a new syslogp(3) call is provided to add a MSGID and structured data to a message.</p>

<h4>syslog-sign</h4>
<p>syslogd(8) is now able to <a href="sign.html">digitally sign messages with syslog-sign</a>.</p>

<h3>syslog.conf</h3>
<p>I extended the traditional configuration file format to support additional fields for TLS.
A syslog.conf for TLS currently looks like this:</p>
<pre>
# TLS options
tls_ca="/etc/my.cacert"
tls_cert="/etc/localhost.crt"
tls_key="/etc/localhost.key"
tls_verify="off"
tls_bindhost="127.0.0.1"
tls_bindport="13245"
tls_server=on

# file destination
*.* /home/mschuett/test.log
# UDP destination
*.* @192.168.178.5
# TLS destination
*.* @[127.0.0.1]:5555(fingerprint="SHA1:E4:E1:A6:1C:D4:31:D7:D4:9B:B8:DC:DF:DD:CE:30:71:46:00:92:C9")
</pre>

<h3>Source Code</h3>
<p>To try syslogd, fetch the latest <a href="http://mschuette.name/files/syslogd_080818.tar.gz">.tar.gz archive (2008-08-18)</a> (older versions: <a href="http://mschuette.name/files/syslogd_080805.tar.gz">2008-08-05</a>, <a href="http://mschuette.name/files/syslogd-tls.tar.gz">2008-08-05</a>).</p>

<p>The sources for <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/src/">syslogd</a>, the <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/src-libc_gen/">libc functions</a>, <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/src-newsyslog/">newsyslog</a>, and <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/src-logger/">logger</a> are also available from the <a href="http://netbsd-soc.cvs.sourceforge.net/netbsd-soc/syslogd/">CVS on sourceforge</a>.</p>

<p>For development I used my own <a href="https://anonymous:anonymous@barney.cs.uni-potsdam.de/svn/syslogd/trunk/src/">SVN</a>; a detailed timeline of code changes is available on <a href="https://barney.cs.uni-potsdam.de/trac/syslogd/timeline">my Trac</a>.</p>

<p>The syslogd code needs <a href="http://www.openssl.org/">OpenSSL</a> and <a href="http://www.monkey.org/~provos/libevent/">libevent</a>. The only system-dependent function is wallmsg(), which writes messages to users' terminals.<br/>
It was developed and tested on NetBSD and FreeBSD. I heard it does not compile on OpenBSD (I do not know about DragonflyBSD), probably due to different files under /usr/include.
I would be interested if someone tried to compile it on Linux; this will be some more work, because one will also need additional functions from the BSD libc that are not in glibc (most notably strlcat()).</p>

<h2>Deliverables</h2>
<p>
I completed all my <b>mandatory components</b>:
</p>
<ul>
 <li>Implement transport-tls in syslogd(8)</li>
 <li>Implement syslog-protocol in syslogd(8)</li>
 <li>Implement syslog-protocol in syslog(3)</li>
 <li>Implement syslog-sign in syslogd(8)</li>
</ul>
<p>
...and parts of my <b>optional components</b>:
</p>
<ul>
 <li>Interoperability with other implementations: so far I could only test the TLS transport with rsyslog.</li>
 <li>Extended API to use the new functions: with syslogp() I wrote a new API, but it is not really the extended API I had in mind here.</li>
</ul>

<h2>Documentation</h2>

<p>New manpages and descriptions:</p>
<ul>
 <li>my <a href="./doc/syslogd.8.html">syslogd(8)</a></li>
 <li>my <a href="./doc/syslog.conf.5.html">syslog.conf(5)</a></li>
 <li>my <a href="./doc/syslog.3.html">syslog(3)/syslogp(3)</a></li>
 <li><a href="howto.html">How to configure a TLS transport</a></li>
 <li><a href="sign.html">Overview of syslog-sign and its usage</a></li>
</ul>

<p>Existing specifications and man pages:</p>
<ul>
 <li><a href="http://tools.ietf.org/html/rfc3164">RFC 3164: The BSD syslog Protocol</a></li>
 <li><a href="http://netbsd.gw.com/cgi-bin/man-cgi?syslogd++NetBSD-current">syslogd(8)</a></li>
 <li><a href="http://netbsd.gw.com/cgi-bin/man-cgi?syslog.conf+5+NetBSD-current">syslog.conf(5)</a></li>
 <li><a href="http://netbsd.gw.com/cgi-bin/man-cgi?syslog+3+NetBSD-current">syslog(3)</a></li>
 <li><a href="http://www.opengroup.org/onlinepubs/009695399/basedefs/syslog.h.html">SUS on syslog.h</a></li>
 <li><a href="http://www.opengroup.org/onlinepubs/009695399/functions/syslog.html">SUS on syslog()</a></li>
</ul>

<p>IETF documents:</p>
<ul>
 <li><a href="http://tools.ietf.org/html/draft-ietf-syslog-transport-udp">Transmission of syslog messages over UDP (draft-ietf-syslog-transport-udp)</a></li>
 <li><a href="http://tools.ietf.org/html/draft-ietf-syslog-transport-tls">TLS Transport Mapping for Syslog (draft-ietf-syslog-transport-tls)</a></li>
 <li><a href="http://tools.ietf.org/html/draft-ietf-syslog-protocol">The syslog Protocol (draft-ietf-syslog-protocol)</a></li>
 <li><a href="http://tools.ietf.org/html/draft-ietf-syslog-sign">Signed syslog Messages (draft-ietf-syslog-sign)</a></li>
</ul>

<hr>

<table border=0>
<tr>
<td>
<a href="http://sourceforge.net"><img align="top" src="http://sourceforge.net/sflogo.php?group_id=141771&amp;type=2" width="125" height="37" border="0" alt="SourceForge.net Logo" /></a>
</td>
<td>
 <table>
 <tr> <td> Martin Schütte &lt;<tt>info@mschuette.name</tt>&gt; </td> </tr>
 <tr> <td> $Id: index.html,v 1.1 2008/10/31 16:12:19 christos Exp $ </td> </tr>
 </table>
</td>
</tr>
</table>

</body>
</html>